EulerOS 2.0 SP8 impacted by multiple poppler vulnerabilities including Integer Overflow, Denial of Service, and Buffer Over-read
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
OpenVAS | Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2019-1827) | 23 Jan 202000:00 | – | openvas |
OpenVAS | Fedora Update for poppler FEDORA-2019-d04944813d | 7 May 201900:00 | – | openvas |
OpenVAS | SUSE: Security Advisory (SUSE-SU-2022:1723-1) | 19 May 202200:00 | – | openvas |
OpenVAS | Fedora Update for poppler FEDORA-2019-8729e0edf5 | 14 Aug 201900:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2019-1986) | 23 Jan 202000:00 | – | openvas |
OpenVAS | Debian: Security Advisory (DLA-1752-1) | 9 Apr 201900:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2019-1898) | 23 Jan 202000:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2019-2015) | 23 Jan 202000:00 | – | openvas |
OpenVAS | Fedora Update for poppler FEDORA-2019-69ec14786b | 14 Aug 201900:00 | – | openvas |
OpenVAS | openSUSE: Security Advisory for poppler (SUSE-SU-2023:4690-1) | 4 Mar 202400:00 | – | openvas |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(128196);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/01");
script_cve_id(
"CVE-2018-20662",
"CVE-2019-9631",
"CVE-2019-9903",
"CVE-2019-9959"
);
script_name(english:"EulerOS 2.0 SP8 : poppler (EulerOS-SA-2019-1827)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the poppler packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- The JPXStream::init function in Poppler 0.78.0 and
earlier doesn't check for negative values of stream
length, leading to an Integer Overflow, thereby making
it possible to allocate a large memory chunk on the
heap, with a size controlled by an attacker, as
demonstrated by pdftocairo.(CVE-2019-9959)
- In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows
attackers to cause a denial-of-service (application
crash caused by Object.h SIGABRT, because of a wrong
return value from PDFDoc::setup) by crafting a PDF file
in which an xref data structure is mishandled during
extractPDFSubtype processing.(CVE-2018-20662)
- Poppler 0.74.0 has a heap-based buffer over-read in the
CairoRescaleBox.cc downsample_row_box_filter
function.(CVE-2019-9631)
- PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0
mishandles dict marking, leading to stack consumption
in the function Dict::find() located at Dict.cc, which
can (for example) be triggered by passing a crafted pdf
file to the pdfunite binary.(CVE-2019-9903)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1827
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?43292a37");
script_set_attribute(attribute:"solution", value:
"Update the affected poppler packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9631");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2019/08/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:poppler");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:poppler-glib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:poppler-qt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:poppler-utils");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
flag = 0;
pkgs = ["poppler-0.67.0-1.h6.eulerosv2r8",
"poppler-glib-0.67.0-1.h6.eulerosv2r8",
"poppler-qt-0.67.0-1.h6.eulerosv2r8",
"poppler-utils-0.67.0-1.h6.eulerosv2r8"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "poppler");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo